Add 'gitlab' role

- GitLab is an open source GitHub clone - http://gitlab.org/; - 'gitlab' role installs and configures GitLab CE with nginx as webserver and MySQL as backend database. Support for PostgreSQL database will be added at a later date; - 'gitlab' role is idempotent and should support future upgrades of GitLab CE (new releases every 22nd of the month); - currently 'gitlab' role does not support all GitLab configuration options, support will be added as needed over time;
debops · Mar 2, 2014 · ca568a7 · ca568a7
1 parent 0a84185
commit ca568a7
Show file tree

Hide file tree

Showing 27 changed files with 1,209 additions and 0 deletions.
diff --git a/playbooks/gitlab.yml b/playbooks/gitlab.yml
@@ -0,0 +1,9 @@
+---
+
+- name: GitLab support
+  hosts: ginas_gitlab
+  sudo: yes
+
+  roles:
+    - { role: gitlab, tags: gitlab }
+
diff --git a/playbooks/roles/gitlab/defaults/main.yml b/playbooks/roles/gitlab/defaults/main.yml
@@ -0,0 +1,74 @@
+---
+# role: gitlab (Open Source GitHub clone)
+# Homepage: http://gitlabhq.com/
+
+
+# ---- Basic options ----
+
+# Should GitLab role manage it's own dependencies (database, web server)?
+gitlab_dependencies: True
+
+# What version of GitLab to install / manage
+gitlab_version: '6.6'
+
+# Allow automatic upgrades to next version? If not, Ansible will stop execution
+# when it detects that GitLab requires upgrade
+gitlab_auto_upgrade: True
+
+
+# ---- GitLab instance configuration ----
+
+# What database to use for GitLab instnce? Choices: mysql, postgresql
+# Currently only MySQl is supported
+gitlab_database: 'mysql'
+
+# Domain which will be used for nginx server and gitlab-shell access
+# GitLab will be configured with HTTPS enabled by default
+gitlab_domain: 'code.{{ ansible_domain }}'
+
+# E-mail sender name used by GitLab
+gitlab_email_name: 'GitLab'
+
+# E-mail address used by GitLab
+gitlab_email_from: 'git@{{ gitlab_domain }}'
+
+# E-mail address for GitLab support
+gitlab_email_support: 'root@{{ ansible_domain }}'
+
+
+# ---- New user configuration ----
+
+# Enable sign up on the front page?
+gitlab_signup_enabled: 'true'
+
+# Default project limit for new users
+gitlab_default_projects_limit: '50'
+
+# Should new users be able to create groups?
+gitlab_default_can_create_group: 'true'
+
+# Can users change their own username?
+gitlab_username_changing_enabled: 'false'
+
+# Default GitLab theme to use
+gitlab_default_theme: '2'
+
+
+# ---- Internal application settings ----
+
+# nginx client_max_body_size value
+gitlab_nginx_client_max_body_size: '5m'
+
+# nginx - gitlab proxy timeout in seconds
+gitlab_nginx_proxy_timeout: '300'
+
+# Max git upload size in bytes
+gitlab_git_max_size: '5242880'
+
+# git connection timeout in seconds
+gitlab_git_timeout: '10'
+
+# unicorn connection timeout in seconds
+gitlab_unicorn_timeout: '30'
+
+
diff --git a/playbooks/roles/gitlab/handlers/main.yml b/playbooks/roles/gitlab/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Restart gitlab
+  service: name=gitlab state=restarted
+  when: gitlab_status_ce_installed is defined and gitlab_status_ce_installed
+
diff --git a/playbooks/roles/gitlab/meta/main.yml b/playbooks/roles/gitlab/meta/main.yml
@@ -0,0 +1,24 @@
+---
+
+dependencies:
+
+  - role: mysql
+    when: (gitlab_dependencies is defined and gitlab_dependencies) and
+          (gitlab_database is defined and gitlab_database and gitlab_database == 'mysql')
+
+    mysql_databases:
+      - name: '{{ gitlab_database_config[gitlab_database].database }}'
+        state: 'present'
+
+    mysql_users:
+      - name: '{{ gitlab_database_config[gitlab_database].username }}'
+        host: '{{ gitlab_database_config[gitlab_database].hostname }}'
+        priv: '{{ gitlab_database_config[gitlab_database].database }}.*:ALL'
+        state: 'present'
+
+  - role: nginx
+    nginx_servers: [ '{{ gitlab_nginx_server }}' ]
+    nginx_upstreams: [ '{{ gitlab_nginx_upstream }}' ]
+    when: (gitlab_dependencies is defined and gitlab_dependencies)
+
+
diff --git a/playbooks/roles/gitlab/tasks/check_status.yml b/playbooks/roles/gitlab/tasks/check_status.yml
@@ -0,0 +1,37 @@
+---
+
+- name: Check if gitlab-shell is installed
+  set_fact:
+    gitlab_status_shell_installed: True
+  when: (ansible_local.gitlab_shell is defined and ansible_local.gitlab_shell.instance)
+
+- name: Check if gitlab-shell has to be upgraded
+  set_fact:
+    gitlab_status_shell_upgrade: True
+  when: (gitlab_status_shell_installed is defined and gitlab_status_shell_installed) and
+        (ansible_local.gitlab_shell.instance.gitlab_version != gitlab_version) and
+        (ansible_local.gitlab_shell.instance.shell_version != gitlab_version_map[gitlab_version].shell)
+
+- name: Fail if auto upgrade is disabled
+  fail: msg="gitlab-shell requires an upgrade but automatic upgrades are disabled"
+  when: (gitlab_status_shell_upgrade is defined and gitlab_status_shell_upgrade) and
+        (gitlab_auto_upgrade is undefined or (gitlab_auto_upgrade is defined and not gitlab_auto_ugrade))
+
+- name: Check if GitLab CE is installed
+  set_fact:
+    gitlab_status_ce_installed: True
+  when: (ansible_local.gitlab_ce is defined and ansible_local.gitlab_ce.instance)
+
+- name: Check if GitLab CE has to be upgraded
+  set_fact:
+    gitlab_status_ce_upgrade: True
+  when: (gitlab_status_ce_installed is defined and gitlab_status_ce_installed) and
+        (ansible_local.gitlab_ce.instance.gitlab_version != gitlab_version) and
+        (ansible_local.gitlab_ce.instance.ce_version != gitlab_version_map[gitlab_version].ce)
+
+- name: Fail if auto upgrade is disabled
+  fail: msg="GitLab CE requires an upgrade but automatic upgrades are disabled"
+  when: (gitlab_status_ce_upgrade is defined and gitlab_status_ce_upgrade) and
+        (gitlab_auto_upgrade is undefined or (gitlab_auto_upgrade is defined and not gitlab_auto_upgrade))
+
+
diff --git a/playbooks/roles/gitlab/tasks/configure_gitlab-shell.yml b/playbooks/roles/gitlab/tasks/configure_gitlab-shell.yml
@@ -0,0 +1,68 @@
+---
+
+# ---- git clone & git checkout ----
+
+- name: Clone gitlab-shell source code
+  git: repo={{ gitlab_source_address + gitlab_source_repository.shell }}
+       dest={{ gitlab_sources + '/' + gitlab_source_repository.shell }}
+       version={{ gitlab_version_map[gitlab_version].shell }}
+       bare=yes update=yes
+  sudo_user: '{{ gitlab_user }}'
+  register: gitlab_register_shell_source
+
+- name: Check if gitlab-shell is checked out
+  stat: path={{ gitlab_home }}/gitlab-shell
+  register: gitlab_register_shell_directory
+
+- name: Create gitlab-shell directory
+  file: path={{ gitlab_home }}/gitlab-shell state=directory
+        owner={{ gitlab_user }} group={{ gitlab_group }} mode=0755
+  when: (gitlab_register_shell_source is defined and gitlab_register_shell_source.changed == True) or
+        (gitlab_register_shell_directory is defined and gitlab_register_shell_directory.stat.exists == False)
+
+- name: Prepare gitlab-shell worktree
+  template: src=srv/users/git/gitlab-shell/git.j2 dest={{ gitlab_home }}/gitlab-shell/.git
+            owner={{ gitlab_user }} group={{ gitlab_group }} mode=0644
+  when: (gitlab_register_shell_source is defined and gitlab_register_shell_source.changed == True) or
+        (gitlab_register_shell_directory is defined and gitlab_register_shell_directory.stat.exists == False)
+
+- name: Checkout gitlab-shell
+  shell: GIT_WORK_TREE={{ gitlab_home }}/gitlab-shell git checkout -f {{ gitlab_version_map[gitlab_version].shell }}
+         chdir={{ gitlab_sources + '/' + gitlab_source_repository.shell }}
+  sudo_user: '{{ gitlab_user }}'
+  register: gitlab_register_shell_checkout
+  when: (gitlab_register_shell_source is defined and gitlab_register_shell_source.changed == True) or
+        (gitlab_register_shell_directory is defined and gitlab_register_shell_directory.stat.exists == False)
+
+
+# ---- gitlab-shell/config.yml ----
+
+- name: Check gitlab-shell configuration for changes
+  shell: sha1sum {{ gitlab_home }}/gitlab-shell/config.yml.example | cut -d" " -f1
+  register: gitlab_register_shell_config_checksum
+  when: gitlab_register_shell_checkout is defined and gitlab_register_shell_checkout.changed == True
+
+- name: Fail if gitlab-shell configuration changed
+  fail: msg="gitlab-shell configuration changed, check it and update checksum"
+  when: (gitlab_register_shell_checkout is defined and gitlab_register_shell_checkout.changed == True) and
+        (gitlab_register_shell_config_checksum.stdout != gitlab_checksums.shell[gitlab_version_map[gitlab_version].shell].config)
+
+- name: Configure gitlab-shell
+  template: src=srv/users/git/gitlab-shell/{{ gitlab_config_map[gitlab_version].shell }}/config.yml.j2
+            dest={{ gitlab_home }}/gitlab-shell/config.yml
+            owner={{ gitlab_user }} group={{ gitlab_group }} mode=0644
+  when: gitlab_register_shell_checkout is defined and gitlab_register_shell_checkout.changed == True
+
+
+# ---- Setup ----
+
+- name: Setup gitlab-shell
+  shell: ./bin/install chdir={{ gitlab_home }}/gitlab-shell
+  sudo_user: '{{ gitlab_user }}'
+  when: gitlab_register_shell_checkout is defined and gitlab_register_shell_checkout.changed == True
+
+- name: Add GitLab host to SSH known hosts
+  shell: ssh-keyscan -t rsa,ecdsa -H {{ gitlab_domain }} > {{ gitlab_home }}/.ssh/known_hosts
+  sudo_user: '{{ gitlab_user }}'
+  when: gitlab_register_shell_checkout is defined and gitlab_register_shell_checkout.changed == True
+